Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I am still infected


  • This topic is locked This topic is locked
25 replies to this topic

#1 Dermont

Dermont

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 07 June 2012 - 03:13 PM

Hello,

PC got malware on 5-31-12. I cleaned with McAfee enterprise 8.8,MBAM,SAS,ESET online scan and TDSSkiller. All of these found infected files.Can you help me make sure I am clean? I will be glad to rerun these with your help if needed or any suggestions you have.
Thanks a lot,
Dermont

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 07 June 2012 - 11:44 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dermont

Dermont
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 08 June 2012 - 02:15 PM

Hello Gringo,

Thank you for helping me.

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
McAfee VirusScan Enterprise+AntiSpyware Enterprise
Trend Micro PC-cillin Internet Security
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner (remove only)
Java™ 6 Update 3
Java™ 6 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader 6 Adobe Reader out of date!
Mozilla Firefox (1.5.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise SHSTAT.EXE
Trend Micro Internet Security 12 pccguide.exe
Trend Micro Internet Security 12 TMAS_OE TMAS_OEMon.exe
TRENDM~1 INTERN~1 PcCtlCom.exe
TRENDM~1 INTERN~1 Tmntsrv.exe
TRENDM~1 INTERN~1 tmproxy.exe
TRENDM~1 INTERN~1 TmPfw.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````

#4 Dermont

Dermont
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 08 June 2012 - 02:33 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05
Run by Day at 15:23:35 on 2012-06-08
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2444 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Trend Micro PC-cillin Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://finance.yahoo.com/
uInternet Settings,ProxyOverride = <local>
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110805153426.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
StartupFolder: c:\docume~1\day\startm~1\programs\startup\checkf~1.lnk - c:\program files\quote.com\continuumclient\WiseUpdt.exe
StartupFolder: c:\docume~1\day\startm~1\programs\startup\checkf~2.lnk - c:\program files\quote.com\qcharts 5.1\WiseUpdt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://its.unc.edu/resnet/webcams/AxisCamControl.ocx
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://goldberry2.notes.duke.edu/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ppdvpn.ppdi.com/dana-cached/setup/JuniperSetupSP1.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{85E52BEF-4B01-483A-B47D-E3E164BF5C20} : DhcpNameServer = 192.168.1.254 192.168.1.254
Filter: text/html - {fe5cf457-691b-429d-bd6d-6f26ecd63ba1} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\day\application data\mozilla\firefox\profiles\3l1fyv6j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-8-5 475704]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-8-5 88544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-8-5 159320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-8-5 159608]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-8-5 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-8-5 58456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-8-5 87656]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-11-20 11520]
.
=============== Created Last 30 ================
.
2012-06-04 21:20:35 -------- d-----w- c:\program files\stinger
2012-06-04 20:16:18 14664 ----a-w- c:\windows\stinger.sys
.
==================== Find3M ====================
.
2012-06-04 20:15:40 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-06-04 20:15:40 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-04 20:15:40 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-06-03 19:02:52 60304 ----a-w- c:\documents and settings\day\g2mdlhlpx.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 21:04:17 1409 ----a-w- c:\windows\QTFont.for
.
============= FINISH: 15:23:59.65 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/12/2006 5:41:55 PM
System Uptime: 6/8/2012 9:59:04 AM (6 hours ago)
.
Motherboard: Dell Inc. | | 0HJ054
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 145 GiB total, 73.81 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 6/5/2012 1:18:33 PM - System Checkpoint
RP2: 6/6/2012 5:44:00 PM - System Checkpoint
RP3: 6/7/2012 6:44:19 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
AnswerWorks 4.0 Runtime - English
AOLIcon
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
CCleaner (remove only)
CinepPlayer 30 Update
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Creative Mass Storage Drivers
Creative MediaSource
Creative System Information
Creative Zen Nano Plus
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell System Restore
DellConnect
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
DVD Shrink 3.2
EarthLink setup files
EducateU
ELIcon
ESET Online Scanner v3
Games, Music, & Photos Launcher
Get High Speed Internet!
GoToMeeting 5.2.0.952
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB954550-v5)
hp deskjet 5550 series (Remove only)
hp print screen utility
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 3
Java™ 6 Update 5
Juniper Networks Cache Cleaner 6.2.0
Juniper Networks Host Checker
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Combat Flight Simulator
Microsoft Combat Flight Simulator 2
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Move Media Player
Mozilla Firefox (1.5.0.12)
MSXML 6.0 Parser (KB933579)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
Photo Click
Ping Plotter Freeware
QCharts 6.2.1.2142
QuickTime
RealPlayer Basic
Roxio DLA
Roxio Express Labeler
Roxio MyDVD Plus
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB924667)
SnagIt 7
Sonic Activation Module
Sonic Advanced Decoder
Sonic Update Manager
Sound Blaster X-Fi
SUPERAntiSpyware
Trend Micro PC-cillin Internet Security 12
upapp
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB931836)
Viewpoint Media Player
WD SmartWare
WebCyberCoach 3.2 Dell
WebEx
WebFldrs XP
WexTech AnswerWorks
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
.
==== Event Viewer Messages From Past Week ========
.
6/4/2012 5:32:03 PM, error: Service Control Manager [7034] - The WD File Management Shadow Engine service terminated unexpectedly. It has done this 1 time(s).
6/4/2012 5:32:03 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
6/1/2012 7:45:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
6/1/2012 7:44:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/1/2012 7:42:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Personal Firewall service to connect.
6/1/2012 7:42:22 PM, error: Service Control Manager [7000] - The Trend Micro Personal Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/1/2012 1:05:45 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
6/1/2012 1:05:45 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XP\Shadow.dll. Reference error message: The operation completed successfully. .
6/1/2012 1:05:45 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 08 June 2012 - 03:56 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 10 June 2012 - 11:35 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Dermont

Dermont
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 11 June 2012 - 04:13 PM

Hello Gringo,

Yes I am still here. I couldn't work on the PC these past 2 days. So now I just ran Combofix and I will post the log below.

On 5-31-12 Malware hit my PC. McAfee stopped 2 files as they came in, but about 1-2 minutes later a false alarm screen popped up saying I was out of disk space. It hid most everything on my desktop except a few things, including IE icon so I could get on the internet. I used Unhide.exe to restore everything back then started scanning with MBAM,SAS,McAfee,Eset online, TDSSkiller and McAfee stinger. Different malware was found with each software I used. I kept scanning til nothing showed up. I then tried to do a system restore and it didn't work, so I figured it was corrupted and turned it off to clear files, then I turned it back on.

The PC now is working ok, except a few things are acting different than before the virus:
- On some windows in the area of FILE EDIT VIEW etc, there are white boxes around these words. Normally they are gray,and when I hover the mouse over them I get a blue box. Now some are white and don't turn blue.
- When I hit start and go to programs, the list of programs is mostly gray but then turns white as I place the curser on them.
- On startup of the PC I get an icon in the system tray that says "my antivirus may be out of date click balloon to fix this problem" It goes away as McAfee comes on. When I clicked on the icon it opened the Microsoft security center and I unchecked the warnings and it quit doing the popup warning. When I scan with SAS it wants to turn this back on. This didn't happen before.

After I ran Combofix the above things are still occuring, including the warning balloon. It seems Combofix turned this back on.

My goal is to make sure all virus and malware are gone and then to update my programs in the proper order especially windows SP3.

Again thanks for your help,
Dermont

Combofix log below.

ComboFix 12-06-11.04 - Day 06/11/2012 15:34:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2353 [GMT -4:00]
Running from: c:\documents and settings\Day\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Trend Micro PC-cillin Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\zJrNzDYgQ8URhI
c:\documents and settings\Day\Application Data\Adobe\plugs
c:\documents and settings\Day\Application Data\Adobe\shed
c:\documents and settings\Day\g2mdlhlpx.exe
c:\documents and settings\Day\Local Settings\Application Data\{9EC34409-F16B-4407-8548-7E00059EFFC3}
c:\documents and settings\Day\Local Settings\Application Data\{9EC34409-F16B-4407-8548-7E00059EFFC3}\chrome\content\overlay.xul
c:\documents and settings\Day\Local Settings\Application Data\{9EC34409-F16B-4407-8548-7E00059EFFC3}\install.rdf
c:\program files\Shared
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-04 21:20 . 2012-06-04 21:40 -------- d-----w- c:\program files\stinger
2012-06-04 20:16 . 2012-06-04 21:32 14664 ----a-w- c:\windows\stinger.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 20:15 . 2011-08-05 19:34 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-06-04 20:15 . 2011-08-05 19:34 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-04 20:15 . 2011-08-05 19:34 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-04-04 19:56 . 2011-07-30 02:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 21:04 . 2012-03-26 21:04 1409 ----a-w- c:\windows\QTFont.for
2011-08-03 06:03 . 2006-08-29 06:38 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-08-03 06:03 . 2006-08-29 06:38 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-08-03 06:03 . 2006-08-29 06:38 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-12 98304]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 8192]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
.
c:\documents and settings\Day\Start Menu\Programs\Startup\
Check for ContinuumClient Updates.lnk - c:\program files\Quote.com\ContinuumClient\WiseUpdt.exe [2006-6-12 166518]
Check for QCharts Updates.lnk - c:\program files\Quote.com\QCharts 5.1\WiseUpdt.exe [2006-6-15 166518]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-12 24576]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/5/2011 3:34 PM 88544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/5/2011 3:34 PM 159608]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 5:36 PM 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 5:36 PM 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 5:36 PM 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 5:36 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 5:36 PM 262215]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 12:07 PM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 12:18 PM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 12:16 PM 484352]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/5/2011 3:34 PM 87656]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/20/2011 10:04 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://finance.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\documents and settings\Day\Application Data\Mozilla\Firefox\Profiles\3l1fyv6j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
SafeBoot-klmdb.sys
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-11 15:41
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2012-06-11 15:47:35
ComboFix-quarantined-files.txt 2012-06-11 19:47
.
Pre-Run: 79,054,970,880 bytes free
Post-Run: 79,041,871,872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A5B60CB8F097ED16637D3F3AA7A60AA0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 11 June 2012 - 04:59 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Dermont

Dermont
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 12 June 2012 - 01:10 PM

Hello Grengo,

Here are the files.

13:15:54.0109 0248 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:15:54.0359 0248 ============================================================
13:15:54.0359 0248 Current date / time: 2012/06/12 13:15:54.0359
13:15:54.0359 0248 SystemInfo:
13:15:54.0359 0248
13:15:54.0359 0248 OS Version: 5.1.2600 ServicePack: 2.0
13:15:54.0359 0248 Product type: Workstation
13:15:54.0359 0248 ComputerName: MAINDESKTOP
13:15:54.0359 0248 UserName: Day
13:15:54.0359 0248 Windows directory: C:\WINDOWS
13:15:54.0359 0248 System windows directory: C:\WINDOWS
13:15:54.0359 0248 Processor architecture: Intel x86
13:15:54.0359 0248 Number of processors: 2
13:15:54.0359 0248 Page size: 0x1000
13:15:54.0359 0248 Boot type: Normal boot
13:15:54.0359 0248 ============================================================
13:15:56.0031 0248 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:15:56.0078 0248 ============================================================
13:15:56.0078 0248 \Device\Harddisk0\DR0:
13:15:56.0078 0248 MBR partitions:
13:15:56.0078 0248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x121E26A9
13:15:56.0078 0248 ============================================================
13:15:56.0125 0248 C: <-> \Device\Harddisk0\DR0\Partition0
13:15:56.0125 0248 ============================================================
13:15:56.0125 0248 Initialize success
13:15:56.0125 0248 ============================================================
13:15:57.0468 1984 ============================================================
13:15:57.0468 1984 Scan started
13:15:57.0468 1984 Mode: Manual;
13:15:57.0468 1984 ============================================================
13:15:58.0421 1984 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:15:58.0421 1984 !SASCORE - ok
13:15:58.0562 1984 Abiosdsk - ok
13:15:58.0609 1984 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:15:58.0609 1984 abp480n5 - ok
13:15:58.0656 1984 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:15:58.0656 1984 ACPI - ok
13:15:58.0656 1984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:15:58.0656 1984 ACPIEC - ok
13:15:58.0671 1984 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:15:58.0671 1984 adpu160m - ok
13:15:58.0718 1984 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
13:15:58.0718 1984 aec - ok
13:15:58.0734 1984 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
13:15:58.0734 1984 AFD - ok
13:15:58.0734 1984 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:15:58.0734 1984 agp440 - ok
13:15:58.0750 1984 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:15:58.0750 1984 agpCPQ - ok
13:15:58.0750 1984 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:15:58.0750 1984 Aha154x - ok
13:15:58.0765 1984 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:15:58.0765 1984 aic78u2 - ok
13:15:58.0765 1984 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:15:58.0765 1984 aic78xx - ok
13:15:58.0812 1984 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
13:15:58.0812 1984 Alerter - ok
13:15:58.0828 1984 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
13:15:58.0828 1984 ALG - ok
13:15:58.0843 1984 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:15:58.0843 1984 AliIde - ok
13:15:58.0859 1984 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:15:58.0859 1984 alim1541 - ok
13:15:58.0859 1984 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:15:58.0859 1984 amdagp - ok
13:15:58.0859 1984 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:15:58.0859 1984 amsint - ok
13:15:58.0875 1984 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
13:15:58.0875 1984 AppMgmt - ok
13:15:58.0890 1984 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:15:58.0890 1984 asc - ok
13:15:58.0890 1984 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:15:58.0890 1984 asc3350p - ok
13:15:58.0890 1984 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:15:58.0906 1984 asc3550 - ok
13:15:58.0953 1984 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
13:15:58.0953 1984 ASCTRM - ok
13:15:59.0078 1984 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:15:59.0078 1984 aspnet_state - ok
13:15:59.0078 1984 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:15:59.0078 1984 AsyncMac - ok
13:15:59.0140 1984 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:15:59.0140 1984 atapi - ok
13:15:59.0140 1984 Atdisk - ok
13:15:59.0203 1984 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe
13:15:59.0203 1984 Ati HotKey Poller - ok
13:15:59.0328 1984 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:15:59.0343 1984 ati2mtag - ok
13:15:59.0359 1984 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:15:59.0359 1984 Atmarpc - ok
13:15:59.0406 1984 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
13:15:59.0406 1984 AudioSrv - ok
13:15:59.0421 1984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:15:59.0421 1984 audstub - ok
13:15:59.0421 1984 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:15:59.0421 1984 Beep - ok
13:15:59.0500 1984 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
13:15:59.0500 1984 BITS - ok
13:15:59.0531 1984 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
13:15:59.0531 1984 BridgeMP - ok
13:15:59.0546 1984 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
13:15:59.0546 1984 Browser - ok
13:15:59.0546 1984 bvrp_pci - ok
13:15:59.0671 1984 catchme - ok
13:15:59.0687 1984 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:15:59.0687 1984 cbidf - ok
13:15:59.0687 1984 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:15:59.0687 1984 cbidf2k - ok
13:15:59.0687 1984 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:15:59.0687 1984 cd20xrnt - ok
13:15:59.0703 1984 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:15:59.0703 1984 Cdaudio - ok
13:15:59.0718 1984 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
13:15:59.0718 1984 Cdfs - ok
13:15:59.0734 1984 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:15:59.0734 1984 Cdrom - ok
13:15:59.0734 1984 Changer - ok
13:15:59.0765 1984 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
13:15:59.0765 1984 CiSvc - ok
13:15:59.0765 1984 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
13:15:59.0765 1984 ClipSrv - ok
13:15:59.0875 1984 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:15:59.0875 1984 clr_optimization_v2.0.50727_32 - ok
13:15:59.0875 1984 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:15:59.0875 1984 CmdIde - ok
13:15:59.0875 1984 COMSysApp - ok
13:15:59.0890 1984 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:15:59.0890 1984 Cpqarray - ok
13:15:59.0921 1984 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
13:15:59.0921 1984 Creative Service for CDROM Access - ok
13:15:59.0937 1984 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
13:15:59.0937 1984 CryptSvc - ok
13:15:59.0984 1984 ctac32k (8a9c65ce4fe6e8cb24ce06ba28d951a0) C:\WINDOWS\system32\drivers\ctac32k.sys
13:15:59.0984 1984 ctac32k - ok
13:16:00.0031 1984 ctaud2k (47236971dfb3e03690b98e41665d0924) C:\WINDOWS\system32\drivers\ctaud2k.sys
13:16:00.0031 1984 ctaud2k - ok
13:16:00.0078 1984 ctdvda2k (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
13:16:00.0078 1984 ctdvda2k - ok
13:16:00.0093 1984 ctprxy2k (2381cf056c15271f6b8dab50ff82cf3a) C:\WINDOWS\system32\drivers\ctprxy2k.sys
13:16:00.0093 1984 ctprxy2k - ok
13:16:00.0109 1984 ctsfm2k (da1c530de86c85a701138b30fb145af3) C:\WINDOWS\system32\drivers\ctsfm2k.sys
13:16:00.0109 1984 ctsfm2k - ok
13:16:00.0125 1984 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:16:00.0125 1984 dac2w2k - ok
13:16:00.0140 1984 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:16:00.0140 1984 dac960nt - ok
13:16:00.0187 1984 DcomLaunch (ce94a2bd25e3e9f4d46a7373ff455c6d) C:\WINDOWS\system32\rpcss.dll
13:16:00.0203 1984 DcomLaunch - ok
13:16:00.0250 1984 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
13:16:00.0250 1984 Dhcp - ok
13:16:00.0296 1984 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
13:16:00.0296 1984 Disk - ok
13:16:00.0375 1984 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
13:16:00.0375 1984 DLABOIOM - ok
13:16:00.0375 1984 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
13:16:00.0375 1984 DLACDBHM - ok
13:16:00.0375 1984 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
13:16:00.0390 1984 DLADResN - ok
13:16:00.0390 1984 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
13:16:00.0390 1984 DLAIFS_M - ok
13:16:00.0390 1984 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
13:16:00.0406 1984 DLAOPIOM - ok
13:16:00.0406 1984 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
13:16:00.0406 1984 DLAPoolM - ok
13:16:00.0406 1984 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
13:16:00.0406 1984 DLARTL_N - ok
13:16:00.0421 1984 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
13:16:00.0421 1984 DLAUDFAM - ok
13:16:00.0421 1984 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
13:16:00.0437 1984 DLAUDF_M - ok
13:16:00.0437 1984 dmadmin - ok
13:16:00.0484 1984 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
13:16:00.0484 1984 dmboot - ok
13:16:00.0515 1984 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
13:16:00.0515 1984 dmio - ok
13:16:00.0515 1984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:16:00.0515 1984 dmload - ok
13:16:00.0562 1984 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
13:16:00.0562 1984 dmserver - ok
13:16:00.0578 1984 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
13:16:00.0578 1984 DMusic - ok
13:16:00.0781 1984 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
13:16:00.0781 1984 Dnscache - ok
13:16:00.0859 1984 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:16:00.0859 1984 dpti2o - ok
13:16:00.0890 1984 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
13:16:00.0890 1984 drmkaud - ok
13:16:01.0078 1984 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
13:16:01.0078 1984 DRVMCDB - ok
13:16:01.0109 1984 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
13:16:01.0109 1984 DRVNDDM - ok
13:16:01.0234 1984 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
13:16:01.0234 1984 DSBrokerService - ok
13:16:01.0265 1984 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
13:16:01.0265 1984 DSproct - ok
13:16:01.0281 1984 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
13:16:01.0281 1984 dsunidrv - ok
13:16:01.0312 1984 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:16:01.0312 1984 E100B - ok
13:16:01.0328 1984 emupia (661cf27263f3e0b553be050a42d357db) C:\WINDOWS\system32\drivers\emupia2k.sys
13:16:01.0328 1984 emupia - ok
13:16:01.0343 1984 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
13:16:01.0359 1984 ERSvc - ok
13:16:01.0390 1984 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
13:16:01.0390 1984 Eventlog - ok
13:16:01.0421 1984 EventSystem (34bbd9acc1538818f2c878898c64e793) C:\WINDOWS\system32\es.dll
13:16:01.0421 1984 EventSystem - ok
13:16:01.0453 1984 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
13:16:01.0453 1984 Fastfat - ok
13:16:01.0484 1984 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
13:16:01.0484 1984 FastUserSwitchingCompatibility - ok
13:16:01.0546 1984 Fax (fcbd571fa0ee8dc238944ae5fab74461) C:\WINDOWS\system32\fxssvc.exe
13:16:01.0562 1984 Fax - ok
13:16:01.0578 1984 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:16:01.0578 1984 Fdc - ok
13:16:01.0640 1984 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
13:16:01.0640 1984 Fips - ok
13:16:01.0671 1984 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:16:01.0671 1984 Flpydisk - ok
13:16:01.0703 1984 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:16:01.0703 1984 FltMgr - ok
13:16:01.0828 1984 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:16:01.0828 1984 FontCache3.0.0.0 - ok
13:16:01.0843 1984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:16:01.0843 1984 Fs_Rec - ok
13:16:01.0859 1984 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:16:01.0859 1984 Ftdisk - ok
13:16:01.0875 1984 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:16:01.0875 1984 Gpc - ok
13:16:01.0953 1984 ha20x2k (862d4185d43128fef7818711f8f30436) C:\WINDOWS\system32\drivers\ha20x2k.sys
13:16:01.0953 1984 ha20x2k - ok
13:16:02.0015 1984 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:16:02.0015 1984 helpsvc - ok
13:16:02.0062 1984 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
13:16:02.0062 1984 HidServ - ok
13:16:02.0078 1984 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:16:02.0078 1984 HidUsb - ok
13:16:02.0109 1984 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:16:02.0109 1984 hpn - ok
13:16:02.0156 1984 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
13:16:02.0156 1984 HSFHWBS2 - ok
13:16:02.0218 1984 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
13:16:02.0234 1984 HSF_DP - ok
13:16:02.0296 1984 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
13:16:02.0296 1984 HTTP - ok
13:16:02.0328 1984 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
13:16:02.0328 1984 HTTPFilter - ok
13:16:02.0359 1984 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:16:02.0359 1984 i2omgmt - ok
13:16:02.0390 1984 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:16:02.0390 1984 i2omp - ok
13:16:02.0421 1984 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:16:02.0421 1984 i8042prt - ok
13:16:02.0578 1984 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:16:02.0578 1984 idsvc - ok
13:16:02.0609 1984 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:16:02.0609 1984 Imapi - ok
13:16:02.0671 1984 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
13:16:02.0671 1984 ImapiService - ok
13:16:02.0703 1984 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:16:02.0703 1984 ini910u - ok
13:16:02.0718 1984 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:16:02.0718 1984 IntelIde - ok
13:16:02.0750 1984 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:16:02.0750 1984 intelppm - ok
13:16:02.0781 1984 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:16:02.0781 1984 Ip6Fw - ok
13:16:02.0781 1984 iphlpsvc - ok
13:16:02.0796 1984 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:16:02.0796 1984 IpInIp - ok
13:16:02.0843 1984 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:16:02.0843 1984 IpNat - ok
13:16:02.0859 1984 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:16:02.0859 1984 IPSec - ok
13:16:02.0890 1984 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:16:02.0890 1984 IRENUM - ok
13:16:02.0921 1984 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:16:02.0921 1984 isapnp - ok
13:16:02.0937 1984 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:16:02.0937 1984 Kbdclass - ok
13:16:02.0968 1984 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:16:02.0968 1984 kbdhid - ok
13:16:03.0000 1984 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
13:16:03.0000 1984 kmixer - ok
13:16:03.0031 1984 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
13:16:03.0031 1984 KSecDD - ok
13:16:03.0078 1984 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
13:16:03.0078 1984 lanmanserver - ok
13:16:03.0125 1984 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll
13:16:03.0140 1984 lanmanworkstation - ok
13:16:03.0140 1984 lbrtfdc - ok
13:16:03.0156 1984 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
13:16:03.0156 1984 LmHosts - ok
13:16:03.0281 1984 McAfeeFramework (062d80f13d762f7bc2f38430d60f5048) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
13:16:03.0281 1984 McAfeeFramework - ok
13:16:03.0343 1984 McShield (50182e471b44c7a0f63b46e2def08b0f) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
13:16:03.0343 1984 McShield - ok
13:16:03.0406 1984 McTaskManager (b15bb3aef59158b4e1dda5328c842713) C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
13:16:03.0406 1984 McTaskManager - ok
13:16:03.0500 1984 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
13:16:03.0500 1984 MDM - ok
13:16:03.0515 1984 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:16:03.0515 1984 mdmxsdk - ok
13:16:03.0531 1984 mfeapfk (c0d975d64c1af8057f2d75b1297a6979) C:\WINDOWS\system32\drivers\mfeapfk.sys
13:16:03.0531 1984 mfeapfk - ok
13:16:03.0562 1984 mfeavfk (c169326049a8a03d5f905b34f5a65f8c) C:\WINDOWS\system32\drivers\mfeavfk.sys
13:16:03.0562 1984 mfeavfk - ok
13:16:03.0578 1984 mfeavfk01 - ok
13:16:03.0578 1984 mfebopk (50b0253b2484a306a20d8695c5ae5858) C:\WINDOWS\system32\drivers\mfebopk.sys
13:16:03.0578 1984 mfebopk - ok
13:16:03.0656 1984 mfehidk (37800fbb68d88e3c3e49bb9c97233e87) C:\WINDOWS\system32\drivers\mfehidk.sys
13:16:03.0656 1984 mfehidk - ok
13:16:03.0687 1984 mferkdet (47c91e229b129047f0138011ddf9f92f) C:\WINDOWS\system32\drivers\mferkdet.sys
13:16:03.0687 1984 mferkdet - ok
13:16:03.0718 1984 mfetdi2k (97ef4ca122ddda4781ff557e65dfb262) C:\WINDOWS\system32\drivers\mfetdi2k.sys
13:16:03.0718 1984 mfetdi2k - ok
13:16:03.0734 1984 mfevtp (9f09caa8dc12fc1626f82a5c212f6f9c) C:\WINDOWS\system32\mfevtps.exe
13:16:03.0734 1984 mfevtp - ok
13:16:03.0781 1984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:16:03.0781 1984 mnmdd - ok
13:16:03.0828 1984 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
13:16:03.0828 1984 mnmsrvc - ok
13:16:03.0843 1984 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
13:16:03.0843 1984 Modem - ok
13:16:03.0859 1984 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:16:03.0859 1984 MODEMCSA - ok
13:16:03.0890 1984 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:16:03.0890 1984 Mouclass - ok
13:16:03.0921 1984 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:16:03.0921 1984 mouhid - ok
13:16:03.0921 1984 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
13:16:03.0921 1984 MountMgr - ok
13:16:03.0953 1984 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:16:03.0953 1984 mraid35x - ok
13:16:03.0968 1984 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:16:03.0968 1984 MRxDAV - ok
13:16:04.0031 1984 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:16:04.0046 1984 MRxSmb - ok
13:16:04.0078 1984 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
13:16:04.0078 1984 MSDTC - ok
13:16:04.0093 1984 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
13:16:04.0093 1984 Msfs - ok
13:16:04.0093 1984 MSIServer - ok
13:16:04.0109 1984 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:16:04.0109 1984 MSKSSRV - ok
13:16:04.0109 1984 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:16:04.0109 1984 MSPCLOCK - ok
13:16:04.0125 1984 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
13:16:04.0125 1984 MSPQM - ok
13:16:04.0156 1984 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:16:04.0156 1984 mssmbios - ok
13:16:04.0156 1984 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
13:16:04.0156 1984 Mup - ok
13:16:04.0171 1984 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
13:16:04.0171 1984 NDIS - ok
13:16:04.0218 1984 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:16:04.0218 1984 NdisTapi - ok
13:16:04.0250 1984 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:16:04.0250 1984 Ndisuio - ok
13:16:04.0250 1984 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:16:04.0250 1984 NdisWan - ok
13:16:04.0265 1984 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
13:16:04.0265 1984 NDProxy - ok
13:16:04.0265 1984 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:16:04.0265 1984 NetBIOS - ok
13:16:04.0296 1984 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:16:04.0296 1984 NetBT - ok
13:16:04.0328 1984 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
13:16:04.0343 1984 NetDDE - ok
13:16:04.0343 1984 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
13:16:04.0343 1984 NetDDEdsdm - ok
13:16:04.0375 1984 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:16:04.0390 1984 Netlogon - ok
13:16:04.0437 1984 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
13:16:04.0453 1984 Netman - ok
13:16:04.0625 1984 NetSvc (9da26b773bd04b867a8e9f427cd048fc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
13:16:04.0625 1984 NetSvc - ok
13:16:04.0750 1984 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:16:04.0750 1984 NetTcpPortSharing - ok
13:16:04.0796 1984 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll
13:16:04.0796 1984 Nla - ok
13:16:04.0812 1984 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
13:16:04.0812 1984 Npfs - ok
13:16:04.0890 1984 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
13:16:04.0890 1984 Ntfs - ok
13:16:04.0890 1984 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:16:04.0906 1984 NtLmSsp - ok
13:16:04.0953 1984 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
13:16:04.0968 1984 NtmsSvc - ok
13:16:05.0000 1984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:16:05.0000 1984 Null - ok
13:16:05.0125 1984 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:16:05.0140 1984 nv - ok
13:16:05.0296 1984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:16:05.0296 1984 NwlnkFlt - ok
13:16:05.0312 1984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:16:05.0312 1984 NwlnkFwd - ok
13:16:05.0390 1984 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:16:05.0390 1984 ose - ok
13:16:05.0421 1984 ossrv (99f877a7bb6feb5af1184eafe937c208) C:\WINDOWS\system32\drivers\ctoss2k.sys
13:16:05.0421 1984 ossrv - ok
13:16:05.0468 1984 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
13:16:05.0468 1984 Parport - ok
13:16:05.0500 1984 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
13:16:05.0500 1984 PartMgr - ok
13:16:05.0515 1984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:16:05.0515 1984 ParVdm - ok
13:16:05.0656 1984 PcCtlCom (30974c7e29cb115a89ffb2ccb5f89f88) C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
13:16:05.0656 1984 PcCtlCom - ok
13:16:05.0671 1984 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
13:16:05.0671 1984 PCI - ok
13:16:05.0671 1984 PCIDump - ok
13:16:05.0687 1984 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:16:05.0687 1984 PCIIde - ok
13:16:05.0718 1984 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:16:05.0718 1984 Pcmcia - ok
13:16:05.0718 1984 PDCOMP - ok
13:16:05.0718 1984 PDFRAME - ok
13:16:05.0734 1984 PDRELI - ok
13:16:05.0734 1984 PDRFRAME - ok
13:16:05.0765 1984 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:16:05.0765 1984 perc2 - ok
13:16:05.0781 1984 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:16:05.0781 1984 perc2hib - ok
13:16:05.0828 1984 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
13:16:05.0828 1984 PlugPlay - ok
13:16:05.0843 1984 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:16:05.0843 1984 PolicyAgent - ok
13:16:05.0859 1984 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:16:05.0859 1984 PptpMiniport - ok
13:16:05.0859 1984 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:16:05.0859 1984 ProtectedStorage - ok
13:16:05.0875 1984 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
13:16:05.0875 1984 PSched - ok
13:16:05.0875 1984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:16:05.0875 1984 Ptilink - ok
13:16:05.0906 1984 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:16:05.0906 1984 PxHelp20 - ok
13:16:05.0921 1984 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:16:05.0921 1984 ql1080 - ok
13:16:05.0937 1984 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:16:05.0937 1984 Ql10wnt - ok
13:16:05.0953 1984 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:16:05.0953 1984 ql12160 - ok
13:16:05.0984 1984 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:16:05.0984 1984 ql1240 - ok
13:16:06.0000 1984 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:16:06.0000 1984 ql1280 - ok
13:16:06.0031 1984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:16:06.0031 1984 RasAcd - ok
13:16:06.0078 1984 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
13:16:06.0078 1984 RasAuto - ok
13:16:06.0093 1984 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:16:06.0109 1984 Rasl2tp - ok
13:16:06.0343 1984 RasMan (d4bd2eeab07fef323f0a0ceecc954f51) C:\WINDOWS\System32\rasmans.dll
13:16:06.0343 1984 RasMan - ok
13:16:06.0359 1984 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:16:06.0359 1984 RasPppoe - ok
13:16:06.0359 1984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:16:06.0359 1984 Raspti - ok
13:16:06.0406 1984 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:16:06.0406 1984 Rdbss - ok
13:16:06.0421 1984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:16:06.0421 1984 RDPCDD - ok
13:16:06.0437 1984 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:16:06.0437 1984 rdpdr - ok
13:16:06.0484 1984 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
13:16:06.0484 1984 RDPWD - ok
13:16:06.0531 1984 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
13:16:06.0531 1984 RDSessMgr - ok
13:16:06.0562 1984 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:16:06.0562 1984 redbook - ok
13:16:06.0593 1984 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
13:16:06.0593 1984 RemoteAccess - ok
13:16:06.0640 1984 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
13:16:06.0640 1984 RemoteRegistry - ok
13:16:06.0687 1984 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
13:16:06.0687 1984 RpcLocator - ok
13:16:06.0750 1984 RpcSs (ce94a2bd25e3e9f4d46a7373ff455c6d) C:\WINDOWS\System32\rpcss.dll
13:16:06.0750 1984 RpcSs - ok
13:16:06.0796 1984 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:16:06.0796 1984 RSVP - ok
13:16:06.0875 1984 SABProcEnum - ok
13:16:06.0890 1984 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:16:06.0890 1984 SamSs - ok
13:16:06.0984 1984 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:16:06.0984 1984 SASDIFSV - ok
13:16:06.0984 1984 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:16:06.0984 1984 SASKUTIL - ok
13:16:07.0031 1984 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
13:16:07.0031 1984 SCardSvr - ok
13:16:07.0078 1984 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
13:16:07.0078 1984 Schedule - ok
13:16:07.0109 1984 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:16:07.0109 1984 Secdrv - ok
13:16:07.0140 1984 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
13:16:07.0140 1984 seclogon - ok
13:16:07.0156 1984 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
13:16:07.0156 1984 SENS - ok
13:16:07.0187 1984 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:16:07.0187 1984 serenum - ok
13:16:07.0187 1984 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
13:16:07.0187 1984 Serial - ok
13:16:07.0218 1984 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:16:07.0218 1984 Sfloppy - ok
13:16:07.0281 1984 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
13:16:07.0281 1984 SharedAccess - ok
13:16:07.0312 1984 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
13:16:07.0312 1984 ShellHWDetection - ok
13:16:07.0312 1984 Simbad - ok
13:16:07.0343 1984 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:16:07.0343 1984 sisagp - ok
13:16:07.0375 1984 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:16:07.0375 1984 Sparrow - ok
13:16:07.0406 1984 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
13:16:07.0421 1984 splitter - ok
13:16:07.0453 1984 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
13:16:07.0453 1984 Spooler - ok
13:16:07.0468 1984 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
13:16:07.0468 1984 sr - ok
13:16:07.0531 1984 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
13:16:07.0546 1984 srservice - ok
13:16:07.0593 1984 Srv (e03b4ea274c9e509cca7f9f0cec24232) C:\WINDOWS\system32\DRIVERS\srv.sys
13:16:07.0593 1984 Srv - ok
13:16:07.0640 1984 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
13:16:07.0640 1984 SSDPSRV - ok
13:16:07.0671 1984 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
13:16:07.0671 1984 stisvc - ok
13:16:07.0703 1984 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:16:07.0718 1984 swenum - ok
13:16:07.0734 1984 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
13:16:07.0734 1984 swmidi - ok
13:16:07.0734 1984 SwPrv - ok
13:16:07.0781 1984 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:16:07.0781 1984 symc810 - ok
13:16:07.0796 1984 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:16:07.0796 1984 symc8xx - ok
13:16:07.0812 1984 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:16:07.0812 1984 sym_hi - ok
13:16:07.0843 1984 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:16:07.0843 1984 sym_u3 - ok
13:16:07.0875 1984 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
13:16:07.0875 1984 sysaudio - ok
13:16:07.0921 1984 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
13:16:07.0921 1984 SysmonLog - ok
13:16:07.0984 1984 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
13:16:07.0984 1984 TapiSrv - ok
13:16:08.0046 1984 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:16:08.0046 1984 Tcpip - ok
13:16:08.0078 1984 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:16:08.0078 1984 TDPIPE - ok
13:16:08.0078 1984 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
13:16:08.0078 1984 TDTCP - ok
13:16:08.0093 1984 tdx - ok
13:16:08.0125 1984 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:16:08.0125 1984 TermDD - ok
13:16:08.0187 1984 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
13:16:08.0187 1984 TermService - ok
13:16:08.0250 1984 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
13:16:08.0250 1984 Themes - ok
13:16:08.0296 1984 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
13:16:08.0296 1984 TlntSvr - ok
13:16:08.0343 1984 Tmfilter (f23c38f5edeb8d0fbd512632f5421651) C:\WINDOWS\system32\drivers\TmXPFlt.sys
13:16:08.0343 1984 Tmfilter - ok
13:16:08.0500 1984 Tmntsrv (37c406bac6896d504e054bbfaa120d79) C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
13:16:08.0515 1984 Tmntsrv - ok
13:16:08.0578 1984 TmPfw (70ee53c6e1b5402c5ce0f12d038b0f4c) C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
13:16:08.0593 1984 TmPfw - ok
13:16:08.0625 1984 Tmpreflt (de9e8269185a7614a5a4f39cacd266ec) C:\WINDOWS\system32\drivers\Tmpreflt.sys
13:16:08.0625 1984 Tmpreflt - ok
13:16:08.0656 1984 tmproxy (949bb051485aef6516a600f7454f0abf) C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
13:16:08.0656 1984 tmproxy - ok
13:16:08.0671 1984 tmtdi (309f8d84fcb94fda6629228aa3c893e5) C:\WINDOWS\System32\Drivers\tmtdi.sys
13:16:08.0687 1984 tmtdi - ok
13:16:08.0812 1984 tm_cfw (6b34c260fe86e9171f8c897b552625aa) C:\WINDOWS\System32\Drivers\tm_cfw.sys
13:16:08.0828 1984 tm_cfw - ok
13:16:09.0000 1984 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:16:09.0000 1984 TosIde - ok
13:16:09.0015 1984 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
13:16:09.0015 1984 TrkWks - ok
13:16:09.0031 1984 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
13:16:09.0031 1984 Udfs - ok
13:16:09.0062 1984 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:16:09.0062 1984 ultra - ok
13:16:09.0093 1984 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
13:16:09.0093 1984 UMWdf - ok
13:16:09.0125 1984 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
13:16:09.0125 1984 Update - ok
13:16:09.0171 1984 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
13:16:09.0171 1984 upnphost - ok
13:16:09.0187 1984 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
13:16:09.0187 1984 UPS - ok
13:16:09.0234 1984 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:16:09.0234 1984 usbccgp - ok
13:16:09.0250 1984 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:16:09.0250 1984 usbehci - ok
13:16:09.0250 1984 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:16:09.0250 1984 usbhub - ok
13:16:09.0281 1984 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:16:09.0281 1984 usbprint - ok
13:16:09.0281 1984 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:16:09.0281 1984 USBSTOR - ok
13:16:09.0312 1984 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:16:09.0312 1984 usbuhci - ok
13:16:09.0343 1984 USB_RNDIS_XP (af090265ec388bab320f1ff7e7a7d5ea) C:\WINDOWS\system32\DRIVERS\usb8023.sys
13:16:09.0343 1984 USB_RNDIS_XP - ok
13:16:09.0359 1984 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
13:16:09.0359 1984 VgaSave - ok
13:16:09.0390 1984 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:16:09.0390 1984 viaagp - ok
13:16:09.0406 1984 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:16:09.0406 1984 ViaIde - ok
13:16:09.0453 1984 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
13:16:09.0453 1984 VolSnap - ok
13:16:09.0578 1984 Vsapint (eb80f44fe19e0cd7ce998ca11cd790dd) C:\WINDOWS\system32\drivers\Vsapint.sys
13:16:09.0578 1984 Vsapint - ok
13:16:09.0640 1984 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
13:16:09.0640 1984 VSS - ok
13:16:09.0687 1984 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
13:16:09.0687 1984 w32time - ok
13:16:09.0781 1984 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:16:09.0781 1984 Wanarp - ok
13:16:09.0796 1984 wanatw - ok
13:16:09.0843 1984 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
13:16:09.0843 1984 WDC_SAM - ok
13:16:09.0968 1984 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
13:16:09.0968 1984 WDDMService - ok
13:16:10.0062 1984 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
13:16:10.0078 1984 WDFME - ok
13:16:10.0078 1984 WDICA - ok
13:16:10.0125 1984 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
13:16:10.0140 1984 wdmaud - ok
13:16:10.0187 1984 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
13:16:10.0187 1984 WDSC - ok
13:16:10.0234 1984 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
13:16:10.0234 1984 WebClient - ok
13:16:10.0281 1984 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:16:10.0281 1984 winachsf - ok
13:16:10.0296 1984 WinDefend - ok
13:16:10.0296 1984 WinHttpAutoProxySvc - ok
13:16:10.0390 1984 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:16:10.0390 1984 winmgmt - ok
13:16:10.0421 1984 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
13:16:10.0437 1984 WmdmPmSN - ok
13:16:10.0500 1984 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
13:16:10.0500 1984 Wmi - ok
13:16:10.0546 1984 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:16:10.0546 1984 WmiApSrv - ok
13:16:10.0578 1984 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:16:10.0578 1984 WS2IFSL - ok
13:16:10.0609 1984 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
13:16:10.0609 1984 wscsvc - ok
13:16:10.0671 1984 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
13:16:10.0671 1984 wuauserv - ok
13:16:10.0703 1984 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
13:16:10.0718 1984 WZCSVC - ok
13:16:10.0750 1984 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
13:16:10.0750 1984 xmlprov - ok
13:16:10.0781 1984 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
13:16:11.0265 1984 \Device\Harddisk0\DR0 - ok
13:16:11.0265 1984 Boot (0x1200) (54418ea941909957d00b88e9791839db) \Device\Harddisk0\DR0\Partition0
13:16:11.0265 1984 \Device\Harddisk0\DR0\Partition0 - ok
13:16:11.0265 1984 ============================================================
13:16:11.0265 1984 Scan finished
13:16:11.0265 1984 ============================================================
13:16:11.0281 3628 Detected object count: 0
13:16:11.0281 3628 Actual detected object count: 0
13:16:19.0234 2184 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 13:20:31
-----------------------------
13:20:31.546 OS Version: Windows 5.1.2600 Service Pack 2
13:20:31.562 Number of processors: 2 586 0x404
13:20:31.562 ComputerName: MAINDESKTOP UserName: Day
13:20:32.218 Initialize success
13:22:40.593 AVAST engine defs: 12061200
13:23:12.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
13:23:12.906 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
13:23:12.921 Disk 0 MBR read successfully
13:23:12.921 Disk 0 MBR scan
13:23:12.953 Disk 0 unknown MBR code
13:23:12.953 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
13:23:12.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 148420 MB offset 96390
13:23:13.000 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4118 MB offset 304062255
13:23:13.000 Disk 0 scanning sectors +312496380
13:23:13.062 Disk 0 scanning C:\WINDOWS\system32\drivers
13:23:21.640 Service scanning
13:23:36.875 Modules scanning
13:23:39.890 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
13:23:41.312 Disk 0 trace - called modules:
13:23:41.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:23:41.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae86ab8]
13:23:41.328 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8ae4cb00]
13:23:41.828 AVAST engine scan C:\WINDOWS
13:23:46.109 AVAST engine scan C:\WINDOWS\system32
13:25:57.656 AVAST engine scan C:\WINDOWS\system32\drivers
13:26:11.968 AVAST engine scan C:\Documents and Settings\Day
13:32:01.218 AVAST engine scan C:\Documents and Settings\All Users
13:33:00.156 Scan finished successfully
13:46:10.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Day\Desktop\MBR.dat"
13:46:10.000 The log file has been saved successfully to "C:\Documents and Settings\Day\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 12 June 2012 - 01:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Dermont

Dermont
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 13 June 2012 - 12:18 AM

Hello Gringo,

The computer is doing good, seems faster after running combofix again.
I am still seeing these things:
- On some windows in the area of FILE EDIT VIEW etc, there are white boxes around these words. Normally they are gray,and when I hover the mouse over them I get a blue box. Now some are white and don't turn blue.
- When I hit start and go to programs, the list of programs is mostly gray but then turns white as I place the curser on them.
- On startup of the PC I get an icon in the system tray that says "my antivirus may be out of date click balloon to fix this problem" It goes away as McAfee comes on. When I clicked on the icon it opened the Microsoft security center and I unchecked the warnings and it quit doing the popup warning. When I scan with SAS it wants to turn this back on. This didn't happen before.

Also today,McAfee stopped a file, looks like it was related to combofix. I was not running any scans, just on yahoo finance start page.

Combofix log:

ComboFix 12-06-12.03 - Day 06/13/2012 0:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2198 [GMT -4:00]
Running from: c:\documents and settings\Day\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Day\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Trend Micro PC-cillin Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-04 21:20 . 2012-06-04 21:40 -------- d-----w- c:\program files\stinger
2012-06-04 20:16 . 2012-06-04 21:32 14664 ----a-w- c:\windows\stinger.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 20:15 . 2011-08-05 19:34 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-06-04 20:15 . 2011-08-05 19:34 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-04 20:15 . 2011-08-05 19:34 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-04-04 19:56 . 2011-07-30 02:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 21:04 . 2012-03-26 21:04 1409 ----a-w- c:\windows\QTFont.for
2011-08-03 06:03 . 2006-08-29 06:38 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-08-03 06:03 . 2006-08-29 06:38 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-08-03 06:03 . 2006-08-29 06:38 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-12 98304]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 8192]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
.
c:\documents and settings\Day\Start Menu\Programs\Startup\
Check for ContinuumClient Updates.lnk - c:\program files\Quote.com\ContinuumClient\WiseUpdt.exe [2006-6-12 166518]
Check for QCharts Updates.lnk - c:\program files\Quote.com\QCharts 5.1\WiseUpdt.exe [2006-6-15 166518]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-12 24576]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/5/2011 3:34 PM 88544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/5/2011 3:34 PM 159608]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 5:36 PM 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 5:36 PM 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 5:36 PM 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 5:36 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 5:36 PM 262215]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 12:07 PM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 12:18 PM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 12:16 PM 484352]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/11/2004 6:00 PM 14336]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/5/2011 3:34 PM 87656]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/20/2011 10:04 PM 11520]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/11/2004 6:00 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 10238386
*NewlyCreated* - 15584513
*NewlyCreated* - 38556897
*NewlyCreated* - ASWMBR
*Deregistered* - 10238386
*Deregistered* - 15584513
*Deregistered* - 38556897
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://finance.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\documents and settings\Day\Application Data\Mozilla\Firefox\Profiles\3l1fyv6j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-13 00:32
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3460)
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\system32\msi.dll
.
Completion time: 2012-06-13 00:39:08
ComboFix-quarantined-files.txt 2012-06-13 04:39
ComboFix2.txt 2012-06-11 19:47
.
Pre-Run: 79,011,016,704 bytes free
Post-Run: 78,992,613,376 bytes free
.
- - End Of File - - 6A3DD9FCC0F35612DD34AEA6256CBA37

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 13 June 2012 - 01:13 AM

Greetings,

See if this fixes IE

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • click on safety
  • click on delete browsing history
  • make sure all boxes are checked
  • click on Tools,
  • click Internet Options.
  • On the Advanced tab, click Reset
  • put a check mark next to Delete Personal Settings
  • click Reset to confirm
  • when complete click the close button
  • restart IE


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Dermont

Dermont
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 13 June 2012 - 01:07 PM

Hello Gringo,

What will this do to my current IE settings? Is there something wrong with them? I know it is an out of date version and I woukd like to upgrade to IE 8. But I have heard not to add IE8 until I upgrade to XP service pac3 first as IE8 may stop SP3 upgrade from working.

Thanks,
Dermont

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 13 June 2012 - 02:14 PM

this will reset any changes that may have been made to IE - in short making it as when it first started



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Dermont

Dermont
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 13 June 2012 - 03:23 PM

Hello Gringo,

I still don't understand what needs to be fixed in IE. I havn't had any problems with IE except it is out dated. I havn't listed IE as a problem that needs a fix. Did you see somethig that was a problem or is this done as a preventive measure in case malware made changes? Will I lose favorites? Also in my version of IE6 I don't see "safety" to click on.
Sorry about all the questions Gringo, just trying to be clear in reguards to the reason we are doing this, and what is our goal?

Thanks a lot for your help,
Dermont




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users